Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
uR1MVCwDco.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks,
0x1 compression
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\uR1MVCwDco.exe
|
"C:\Users\user\Desktop\uR1MVCwDco.exe"
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
|||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
bg.microsoft.map.fastly.net
|
199.232.214.172
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
77.220.213.58
|
unknown
|
Ukraine
|
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2791000
|
trusted library allocation
|
page read and write
|
|
|
|
342000
|
unkown
|
page readonly
|
|
|
|
80C000
|
heap
|
page read and write
|
||
|
4EEE000
|
stack
|
page read and write
|
||
|
8BA000
|
heap
|
page read and write
|
||
|
27F1000
|
trusted library allocation
|
page read and write
|
||
|
2610000
|
trusted library allocation
|
page read and write
|
||
|
659E000
|
stack
|
page read and write
|
||
|
4D17000
|
heap
|
page read and write
|
||
|
4D23000
|
heap
|
page read and write
|
||
|
5400000
|
heap
|
page read and write
|
||
|
D92000
|
trusted library allocation
|
page read and write
|
||
|
7A0000
|
heap
|
page read and write
|
||
|
AAE000
|
stack
|
page read and write
|
||
|
4EAE000
|
stack
|
page read and write
|
||
|
D6D000
|
trusted library allocation
|
page execute and read and write
|
||
|
DB0000
|
heap
|
page read and write
|
||
|
27C3000
|
trusted library allocation
|
page read and write
|
||
|
2620000
|
heap
|
page read and write
|
||
|
53EF000
|
stack
|
page read and write
|
||
|
7D5000
|
heap
|
page read and write
|
||
|
DB7000
|
heap
|
page read and write
|
||
|
7B0000
|
heap
|
page read and write
|
||
|
5604000
|
trusted library allocation
|
page read and write
|
||
|
4D5D000
|
heap
|
page read and write
|
||
|
C00000
|
heap
|
page read and write
|
||
|
7E7000
|
heap
|
page read and write
|
||
|
25EC000
|
stack
|
page read and write
|
||
|
D82000
|
trusted library allocation
|
page read and write
|
||
|
5649000
|
trusted library allocation
|
page read and write
|
||
|
5650000
|
trusted library allocation
|
page read and write
|
||
|
649E000
|
stack
|
page read and write
|
||
|
2822000
|
trusted library allocation
|
page read and write
|
||
|
569E000
|
stack
|
page read and write
|
||
|
27CE000
|
trusted library allocation
|
page read and write
|
||
|
D97000
|
trusted library allocation
|
page execute and read and write
|
||
|
52EE000
|
stack
|
page read and write
|
||
|
4D31000
|
heap
|
page read and write
|
||
|
59EE000
|
stack
|
page read and write
|
||
|
280B000
|
trusted library allocation
|
page read and write
|
||
|
D64000
|
trusted library allocation
|
page read and write
|
||
|
34E000
|
unkown
|
page readonly
|
||
|
4D3A000
|
heap
|
page read and write
|
||
|
5629000
|
trusted library allocation
|
page read and write
|
||
|
2680000
|
heap
|
page read and write
|
||
|
79E000
|
stack
|
page read and write
|
||
|
C8E000
|
stack
|
page read and write
|
||
|
5640000
|
trusted library allocation
|
page read and write
|
||
|
4FED000
|
stack
|
page read and write
|
||
|
2827000
|
trusted library allocation
|
page read and write
|
||
|
512D000
|
stack
|
page read and write
|
||
|
7E0000
|
heap
|
page read and write
|
||
|
D9B000
|
trusted library allocation
|
page execute and read and write
|
||
|
27FD000
|
trusted library allocation
|
page read and write
|
||
|
4CC0000
|
heap
|
page read and write
|
||
|
27C8000
|
trusted library allocation
|
page read and write
|
||
|
492E000
|
stack
|
page read and write
|
||
|
639E000
|
stack
|
page read and write
|
||
|
27D3000
|
trusted library allocation
|
page read and write
|
||
|
281C000
|
trusted library allocation
|
page read and write
|
||
|
4CA6000
|
heap
|
page read and write
|
||
|
4D00000
|
heap
|
page read and write
|
||
|
D8A000
|
trusted library allocation
|
page execute and read and write
|
||
|
27DB000
|
trusted library allocation
|
page read and write
|
||
|
5626000
|
trusted library allocation
|
page read and write
|
||
|
25F0000
|
heap
|
page execute and read and write
|
||
|
340000
|
unkown
|
page readonly
|
||
|
D70000
|
trusted library allocation
|
page read and write
|
||
|
583E000
|
stack
|
page read and write
|
||
|
817000
|
heap
|
page read and write
|
||
|
27EE000
|
trusted library allocation
|
page read and write
|
||
|
4C70000
|
heap
|
page read and write
|
||
|
27F6000
|
trusted library allocation
|
page read and write
|
||
|
5C2C000
|
stack
|
page read and write
|
||
|
27D0000
|
trusted library allocation
|
page read and write
|
||
|
7A7000
|
heap
|
page read and write
|
||
|
27F9000
|
trusted library allocation
|
page read and write
|
||
|
7F0B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
27E0000
|
trusted library allocation
|
page read and write
|
||
|
25AE000
|
stack
|
page read and write
|
||
|
5B6D000
|
stack
|
page read and write
|
||
|
D86000
|
trusted library allocation
|
page execute and read and write
|
||
|
D0F000
|
stack
|
page read and write
|
||
|
6F8000
|
stack
|
page read and write
|
||
|
278F000
|
stack
|
page read and write
|
||
|
5860000
|
trusted library allocation
|
page read and write
|
||
|
27DD000
|
trusted library allocation
|
page read and write
|
||
|
5614000
|
trusted library allocation
|
page read and write
|
||
|
2600000
|
trusted library allocation
|
page execute and read and write
|
||
|
BF0000
|
heap
|
page read and write
|
||
|
564B000
|
trusted library allocation
|
page read and write
|
||
|
BEE000
|
stack
|
page read and write
|
||
|
2660000
|
heap
|
page execute and read and write
|
||
|
8DC000
|
heap
|
page read and write
|
||
|
AEC000
|
stack
|
page read and write
|
||
|
3EC000
|
stack
|
page read and write
|
||
|
D50000
|
trusted library allocation
|
page read and write
|
||
|
4798000
|
trusted library allocation
|
page read and write
|
||
|
2818000
|
trusted library allocation
|
page read and write
|
||
|
27FB000
|
trusted library allocation
|
page read and write
|
||
|
D60000
|
trusted library allocation
|
page read and write
|
||
|
3797000
|
trusted library allocation
|
page read and write
|
||
|
2670000
|
trusted library allocation
|
page read and write
|
||
|
58AE000
|
stack
|
page read and write
|
||
|
750000
|
heap
|
page read and write
|
||
|
502D000
|
stack
|
page read and write
|
||
|
800000
|
heap
|
page read and write
|
||
|
D63000
|
trusted library allocation
|
page execute and read and write
|
||
|
2560000
|
trusted library allocation
|
page read and write
|
||
|
2676000
|
trusted library allocation
|
page read and write
|
||
|
2804000
|
trusted library allocation
|
page read and write
|
||
|
5635000
|
trusted library allocation
|
page read and write
|
||
|
3791000
|
trusted library allocation
|
page read and write
|
||
|
546C000
|
heap
|
page read and write
|
||
|
7D0000
|
heap
|
page read and write
|
||
|
D80000
|
trusted library allocation
|
page read and write
|
||
|
CCE000
|
stack
|
page read and write
|
||
|
C4E000
|
stack
|
page read and write
|
||
|
58EE000
|
stack
|
page read and write
|
||
|
5CAE000
|
stack
|
page read and write
|
||
|
2825000
|
trusted library allocation
|
page read and write
|
||
|
819000
|
heap
|
page read and write
|
||
|
5A6C000
|
stack
|
page read and write
|
||
|
27F4000
|
trusted library allocation
|
page read and write
|
||
|
4DAE000
|
stack
|
page read and write
|
There are 115 hidden memdumps, click here to show them.